Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/4a1305-391c-446c-9a33-4c08ffe10076/1/h8utNnfvbf_2G8hn7MY6dUz09DY.roa
File:                     h8utNnfvbf_2G8hn7MY6dUz09DY.roa (raw, json)
Hash identifier:          R3XToQvIrIerkFXXeV76xy78wcyvDAHugNY5A2vy68A=
Subject key identifier:   87:CB:AD:36:77:EF:6D:FF:F6:1B:C8:67:EC:C6:3A:75:4C:F4:F4:36
Certificate issuer:       /CN=668e9b2eefb205342382b6072a903f9d9837071a
Certificate serial:       018FB8FF7F0233B6EB1CE81679EBB09AE4E2
Authority key identifier: 66:8E:9B:2E:EF:B2:05:34:23:82:B6:07:2A:90:3F:9D:98:37:07:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zo6bLu-yBTQjgrYHKpA_nZg3Bxo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/4a1305-391c-446c-9a33-4c08ffe10076/1/h8utNnfvbf_2G8hn7MY6dUz09DY.roa
Signing time:             Mon 27 May 2024 07:41:42 +0000
ROA not before:           Mon 27 May 2024 07:41:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44056
IP address blocks:        31.135.224.0/20 maxlen: 20
                          31.135.226.0/23 maxlen: 23
                          31.135.228.0/22 maxlen: 22
                          31.135.232.0/22 maxlen: 22
                          31.135.236.0/23 maxlen: 23
                          46.148.128.0/20 maxlen: 20
                          46.148.128.0/22 maxlen: 22
                          46.148.143.0/24 maxlen: 24
                          83.97.104.0/21 maxlen: 21
                          91.195.130.0/23 maxlen: 23
                          91.230.146.0/24 maxlen: 24
                          91.237.186.0/23 maxlen: 23
                          91.237.186.0/24 maxlen: 24
                          91.237.187.0/24 maxlen: 24
                          109.196.64.0/20 maxlen: 24
                          109.196.64.0/22 maxlen: 22
                          109.196.68.0/22 maxlen: 22
                          176.125.192.0/19 maxlen: 19
                          195.2.238.0/23 maxlen: 23
                          2a13:2940::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/4a1305-391c-446c-9a33-4c08ffe10076/1/Zo6bLu-yBTQjgrYHKpA_nZg3Bxo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/4a1305-391c-446c-9a33-4c08ffe10076/1/Zo6bLu-yBTQjgrYHKpA_nZg3Bxo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zo6bLu-yBTQjgrYHKpA_nZg3Bxo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:b8:ff:7f:02:33:b6:eb:1c:e8:16:79:eb:b0:9a:e4:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=668e9b2eefb205342382b6072a903f9d9837071a
        Validity
            Not Before: May 27 07:41:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=87cbad3677ef6dfff61bc867ecc63a754cf4f436
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:61:60:a0:ca:79:0d:ee:b4:86:3a:34:83:77:
                    67:96:e6:d2:7f:19:7b:86:24:e5:ae:1d:4b:68:61:
                    6c:d3:ad:4e:92:15:1c:b8:f6:ca:9f:95:3d:16:8e:
                    3a:ad:23:5c:07:26:c4:b9:79:1a:71:67:ab:95:f7:
                    b5:b0:61:fc:e8:d6:4e:20:91:cd:98:6b:c8:89:62:
                    bf:9f:b3:bb:de:39:2d:fd:7f:b6:46:e4:c1:05:5e:
                    56:3b:a4:4b:6c:e9:6f:28:56:86:ec:0a:2d:75:00:
                    19:76:2c:0f:3d:aa:b5:c4:91:ac:11:ec:1c:7b:f0:
                    29:8f:7a:86:a7:65:be:1b:a5:c3:49:fd:63:7e:34:
                    5c:6c:46:1e:1a:cc:bf:26:ca:20:50:f2:a8:6b:a0:
                    53:8c:78:1b:ef:e0:21:7d:c9:d9:17:48:c5:b6:5e:
                    d5:02:0f:f5:b5:d4:25:47:e2:53:04:67:e3:f4:dd:
                    03:ec:14:77:49:c3:1e:0c:67:58:c6:2b:83:f7:d5:
                    34:4a:98:2e:1d:a4:89:28:a7:c3:3a:61:4b:8a:16:
                    4b:64:ff:17:03:ac:af:9e:97:0a:f7:cd:7f:e3:a9:
                    b4:49:e7:f8:4a:69:c6:fe:d2:64:df:50:fb:da:da:
                    74:64:d2:9e:63:d9:ba:30:34:1d:70:35:a1:16:29:
                    89:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:CB:AD:36:77:EF:6D:FF:F6:1B:C8:67:EC:C6:3A:75:4C:F4:F4:36
            X509v3 Authority Key Identifier:
                keyid:66:8E:9B:2E:EF:B2:05:34:23:82:B6:07:2A:90:3F:9D:98:37:07:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zo6bLu-yBTQjgrYHKpA_nZg3Bxo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/4a1305-391c-446c-9a33-4c08ffe10076/1/h8utNnfvbf_2G8hn7MY6dUz09DY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/4a1305-391c-446c-9a33-4c08ffe10076/1/Zo6bLu-yBTQjgrYHKpA_nZg3Bxo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.135.224.0/20
                  46.148.128.0/20
                  83.97.104.0/21
                  91.195.130.0/23
                  91.230.146.0/24
                  91.237.186.0/23
                  109.196.64.0/20
                  176.125.192.0/19
                  195.2.238.0/23
                IPv6:
                  2a13:2940::/32

    Signature Algorithm: sha256WithRSAEncryption
         46:a2:3d:cb:9f:1d:46:ea:fa:82:00:cb:53:9f:e3:4a:36:16:
         31:75:e3:11:84:0d:89:29:38:90:14:0e:fa:46:db:03:74:30:
         86:e0:a8:96:6e:15:a6:b3:85:c0:7e:3e:2e:5a:31:a8:92:a2:
         c7:1f:32:c3:0c:a8:04:fa:55:80:c3:d3:79:d7:f8:74:d4:a1:
         fd:46:dc:a3:e7:58:29:8c:32:74:0e:e5:69:ec:bf:89:a5:da:
         5b:7c:bd:09:84:1c:68:cf:5b:5c:09:30:cf:d8:57:bf:63:b6:
         f3:85:54:61:d4:f1:01:61:f8:7d:6b:c8:66:0d:1d:22:4c:89:
         07:e6:76:4f:96:41:61:b2:02:35:f7:8a:c6:2a:c6:14:ca:05:
         31:29:43:5b:60:2a:e4:b4:fc:01:a7:ad:b2:d9:23:d8:4c:e1:
         45:6e:e6:f8:1e:51:a1:42:62:d2:f7:26:16:15:f1:68:ea:6e:
         42:20:f8:5d:91:c7:f0:47:90:31:ee:ed:d5:1c:3d:9a:78:8b:
         dc:43:d5:e3:f6:53:f3:8d:2a:37:fc:19:8c:af:6e:5e:ed:ba:
         b2:59:73:5d:10:62:cc:fe:7e:81:97:6a:b1:d4:5a:f3:7c:1a:
         2a:21:92:4a:c5:af:b3:ad:43:c9:91:cc:91:a9:65:ac:5c:94:
         99:68:b9:1f
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAY+4/38CM7brHOgWeeuwmuTiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2OGU5YjJlZWZiMjA1MzQyMzgyYjYwNzJhOTAzZjlkOTgz
NzA3MWEwHhcNMjQwNTI3MDc0MTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2NiYWQzNjc3ZWY2ZGZmZjYxYmM4NjdlY2M2M2E3NTRjZjRmNDM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8mFgoMp5De60hjo0g3dnlubSfxl7
hiTlrh1LaGFs061OkhUcuPbKn5U9Fo46rSNcBybEuXkacWerlfe1sGH86NZOIJHN
mGvIiWK/n7O73jkt/X+2RuTBBV5WO6RLbOlvKFaG7AotdQAZdiwPPaq1xJGsEewc
e/Apj3qGp2W+G6XDSf1jfjRcbEYeGsy/JsogUPKoa6BTjHgb7+AhfcnZF0jFtl7V
Ag/1tdQlR+JTBGfj9N0D7BR3ScMeDGdYxiuD99U0SpguHaSJKKfDOmFLihZLZP8X
A6yvnpcK981/46m0Sef4SmnG/tJk31D72tp0ZNKeY9m6MDQdcDWhFimJswIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFIfLrTZ3723/9hvIZ+zGOnVM9PQ2MB8GA1UdIwQY
MBaAFGaOmy7vsgU0I4K2ByqQP52YNwcaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWm82Ykx1LXlCVFFqZ3JZSEtwQV9uWmczQnhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC80YTEzMDUtMzkxYy00NDZjLTlhMzMt
NGMwOGZmZTEwMDc2LzEvaDh1dE5uZnZiZl8yRzhobjdNWTZkVXowOURZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC80YTEzMDUtMzkxYy00NDZjLTlhMzMtNGMwOGZmZTEwMDc2
LzEvWm82Ykx1LXlCVFFqZ3JZSEtwQV9uWmczQnhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwQEH4fgAwQE
LpSAAwQDU2FoAwQBW8OCAwQAW+aSAwQBW+26AwQEbcRAAwQFsH3AAwQBwwLuMA0E
AgACMAcDBQAqEylAMA0GCSqGSIb3DQEBCwUAA4IBAQBGoj3Lnx1G6vqCAMtTn+NK
NhYxdeMRhA2JKTiQFA76RtsDdDCG4KiWbhWms4XAfj4uWjGokqLHHzLDDKgE+lWA
w9N51/h01KH9Rtyj51gpjDJ0DuVp7L+JpdpbfL0JhBxoz1tcCTDP2Fe/Y7bzhVRh
1PEBYfh9a8hmDR0iTIkH5nZPlkFhsgI194rGKsYUygUxKUNbYCrktPwBp62y2SPY
TOFFbub4HlGhQmLS9yYWFfFo6m5CIPhdkcfwR5Ax7u3VHD2aeIvcQ9Xj9lPzjSo3
/BmMr25e7bqyWXNdEGLM/n6Bl2qx1FrzfBoqIZJKxa+zrUPJkcyRqWWsXJSZaLkf
-----END CERTIFICATE-----
Generated at Sat Nov 23 05:12:26 2024 by rpki-client on console-fra.rpki-client.org